1 heat_template_version: ocata
4 OpenStack Neutron Server configured with Puppet
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Mapping of service endpoint -> protocol. Typically set
19 via parameter_defaults in the resource registry.
24 Sets the number of API and RPC workers for the Neutron service. The
25 default value results in the configuration being left unset and a
26 system-dependent default will be chosen (usually the number of
27 processors). Please note that this can result in a large number of
28 processes and memory consumption on systems with a large core count. On
29 such systems it is recommended that a non-default value be selected that
30 matches the load requirements.
33 description: The password for the neutron service and db account, used by neutron agents.
36 NeutronAllowL3AgentFailover:
38 description: Allow automatic l3-agent failover
41 description: The password for the nova service and db account, used by nova-api.
45 description: Enable Neutron DVR.
51 description: Keystone region for endpoint
52 MonitoringSubscriptionNeutronServer:
53 default: 'overcloud-neutron-server'
55 NeutronApiLoggingSource:
58 tag: openstack.neutron.api
59 path: /var/log/neutron/server.log
64 # DEPRECATED: the following options are deprecated and are currently maintained
65 # for backwards compatibility. They will be removed in the Ocata cycle.
70 Whether to enable HA for virtual routers. When not set, L3 HA will be
71 automatically enabled if the number of nodes hosting controller
72 configurations and DVR is disabled. Valid values are 'true' or 'false'
73 This parameter is being deprecated in Newton and is scheduled to be
74 removed in Ocata. Future releases will enable L3 HA by default if it is
75 appropriate for the deployment type. Alternate mechanisms will be
76 available to override.
80 The following parameters are deprecated and will be removed. They should not
81 be relied on for new deployments. If you have concerns regarding deprecated
82 parameters, please contact the TripleO development team on IRC or the
83 OpenStack mailing list.
88 use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
93 type: OS::TripleO::Services::TLSProxyBase
95 ServiceNetMap: {get_param: ServiceNetMap}
96 DefaultPasswords: {get_param: DefaultPasswords}
97 EndpointMap: {get_param: EndpointMap}
98 EnableInternalTLS: {get_param: EnableInternalTLS}
101 type: ./neutron-base.yaml
103 ServiceNetMap: {get_param: ServiceNetMap}
104 DefaultPasswords: {get_param: DefaultPasswords}
105 EndpointMap: {get_param: EndpointMap}
109 description: Role data for the Neutron Server agent service.
111 service_name: neutron_api
112 monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer}
113 logging_source: {get_param: NeutronApiLoggingSource}
118 - get_attr: [NeutronBase, role_data, config_settings]
119 - get_attr: [TLSProxyBase, role_data, config_settings]
120 - neutron::server::database_connection:
123 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
125 - {get_param: NeutronPassword}
127 - {get_param: [EndpointMap, MysqlInternal, host]}
129 - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
130 neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
131 neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
132 neutron::server::api_workers: {get_param: NeutronWorkers}
133 neutron::server::rpc_workers: {get_param: NeutronWorkers}
134 neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
135 neutron::server::enable_proxy_headers_parsing: true
136 neutron::keystone::authtoken::password: {get_param: NeutronPassword}
137 neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneInternal, uri_no_suffix ] }
138 neutron::server::notifications::tenant_name: 'service'
139 neutron::server::notifications::project_name: 'service'
140 neutron::server::notifications::password: {get_param: NovaPassword}
141 neutron::keystone::authtoken::project_name: 'service'
142 neutron::keystone::authtoken::user_domain_name: 'Default'
143 neutron::keystone::authtoken::project_domain_name: 'Default'
144 neutron::server::sync_db: true
145 tripleo.neutron_api.firewall_rules:
150 neutron::server::router_distributed: {get_param: NeutronEnableDVR}
151 # NOTE: bind IP is found in Heat replacing the network name with the local node IP
152 # for the given network; replacement examples (eg. for internal_api):
154 # internal_api_uri -> [IP]
155 # internal_api_subnet - > IP/CIDR
156 tripleo::profile::base::neutron::server::tls_proxy_bind_ip:
157 get_param: [ServiceNetMap, NeutronApiNetwork]
158 tripleo::profile::base::neutron::server::tls_proxy_fqdn:
161 "%{hiera('fqdn_$NETWORK')}"
163 $NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
164 tripleo::profile::base::neutron::server::tls_proxy_port:
165 get_param: [EndpointMap, NeutronInternal, port]
166 # Bind to localhost if internal TLS is enabled, since we put a TLS
172 - {get_param: [ServiceNetMap, NeutronApiNetwork]}
173 tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA}
175 include tripleo::profile::base::neutron::server
176 service_config_settings:
178 neutron::keystone::auth::tenant: 'service'
179 neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
180 neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
181 neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
182 neutron::keystone::auth::password: {get_param: NeutronPassword}
183 neutron::keystone::auth::region: {get_param: KeystoneRegion}
185 neutron::db::mysql::password: {get_param: NeutronPassword}
186 neutron::db::mysql::user: neutron
187 neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
188 neutron::db::mysql::dbname: ovs_neutron
189 neutron::db::mysql::allowed_hosts:
191 - "%{hiera('mysql_bind_host')}"
193 - name: Check if neutron_server is deployed
194 command: systemctl is-enabled neutron-server
197 register: neutron_server_enabled
198 - name: "PreUpgrade step0,validation: Check service neutron-server is running"
199 shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b'
200 when: neutron_server_enabled.rc == 0
201 tags: step0,validation
202 - name: Stop neutron_api service
204 when: neutron_server_enabled.rc == 0
205 service: name=neutron-server state=stopped
207 get_attr: [TLSProxyBase, role_data, metadata_settings]